Posted
by
timothy
on Tuesday October 20, 2015 @11:44AM
from the mulligan-stew dept.

New submitter bigtomrodney writes: Following last week's ruling by the European Court of Justice ruling on Safe Harbor, the Irish High Court has quashed the former decision of the Data Protection Commissioner not to investigate Facebook. In the current vacuum of legislation and given that this challenge is directly focused on U.S. intelligence agency's gathering of European citizen's data, this makes for interesting times ahead. See this story from earlier this month for a bit more background; all this fuss comes down mostly to efforts by one determined gadfly (Max Schrems) and the attention he's brought to the issue of privacy when data crosses national (or at least notional) borders.

I don't think you've been keeping up with the case. There is no new legislation, but a very simple point in contention. Did the Safe Harbour provision, intended to ensure corporations met European levels of data control, cover state intelligence gathering. The ruling is at this point, no. The Irish Data Protection Commissioner had stated in relation to the European Data Protection Directive that they had no power to look at the scope of Safe Harbour and that in of itself Facebook met the requirements of Safe Harbour.

It is not news that the NSA etc. did not see themselves as constrained by Safe Harbour. In light of the ECJ's rulings an investigation into Facebook's protection of European data seems appropriate.

The "Safe Harbour" agreement (which allowed US companies to basically wave their hand and say "yes, of course we comply with your privacy safeguards") was ruled to run counter to the EU privacy directive as interpreted in the light of articles 7 and 8 of the Charter of Fundamental Rights of the European Union.

This EU privacy directive and its national implementations are, however still in full force.

Yes, I largely agree. I wrote the blurb in haste. What I was trying (unsuccessfully) to alude to was the expected change to legislation to ensure business can continue to exchange data.

Essentially all of the big IT providers are American. Processing and the more contemporary "cloud" services that everything seems to have morphed into mean that your customer data does not have widely-accepted protection under the DPD. If a replacement does not step in we may see repatriating of data and a cleanup exercise.